Commentary: Companies used to look to open source to lower costs. That’s still true, but an even bigger driver is security, according to a new developer survey.
And yet, attitudes toward open source have almost completely changed over the past decade. Well, except that organizations still expect to save money by using open source. But the biggest change of all may well be in the area of security.
This fact struck me while reviewing the results of a developer survey my team commissioned. I knew that attitudes had shifted, with more emphasis on open source to foster business agility and less on things like “lock-in,” but I hadn’t realized just how markedly the market had moved (Figure A).
Figure A
Image: AWS/Matt Asay
As mentioned, cost remains a driver for open source adoption, but the number one driver of open source today was the number one inhibitor of open source adoption 10 years ago: Security.
But maybe, just maybe, it’s because we’ve gotten smarter about software and security, generally.
Early on, people criticized open source security because, well, it’s open. Surely if hackers can spot problems in code, they can exploit it. Proprietary vendors piled on, touting security through obscurity. Meanwhile, open source proponents went to the opposite extreme, arguing that open source is more secure by default because “given enough eyeballs, all bugs are shallow.” The problem, of course, is that it’s simply not the case that there are lots of “eyeballs” inspecting open source code to make sure it’s secure.
So neither side was particularly correct. But one thing that has become apparent over time is that while open source software isn’t inherently more (or less) secure, it offers an inherently better process for securing code. Bugs in open source code, when uncovered, are quickly fixed through an open process. Unfortunately, that same process doesn’t guarantee that users will apply the fixes to their code.
Somewhere along the line as an industry we realized that security is a process, not something that can somehow be engineered into code. Once that shift happened, it was just a matter of time before we realized that open source was the best way to deliver such a process. So enjoy that lower-cost, higher-innovation open source software…and get better security for free.
Disclosure: I work for AWS, but the views expressed herein are mine.